Airlines Can’t Wing It Anymore Against Hackers

'We have to get the budget out there to stay ahead of this because otherwise it's gonna have a major impact'

Israel is adding advanced cyber protections to its F-35 jets, and the United States should do the same according to cybersecurity expert Richard Blech. (Photo: Wikimedia Commons)

The Israeli military made (air)waves last week when it announced that it was installing cyber defenses on its F-35 jets. While this may seem like a futuristic concept, it’s actually long overdue from an online security standpoint.

“Bad actors were already doing bad things on the internet before the military caught up with technology,” Richard Blech, founder and CEO of the cybersecurity firm Secure Channels, told the Observer.

Indeed, while hacks of civilian websites like Sony and Ashley Madison have made more headlines in recent years, military jet hacks have also become more common—a group of Chinese hackers actually stole large amounts of data about America’s F-35 fleet from Pentagon and Lockheed Martin servers between 2009 and 2013.

The government needs to take these threats more seriously, according to Blech—and that means funding programs to stop them.

“We have to get the budget out there to stay ahead of this because otherwise it’s gonna have a major impact,” he said.

Some members of Congress share Blech’s sense of urgency—last year Massachusetts Senator Ed Markey sent letters to 12 airlines, along with Airbus and Boeing, asking how the companies were responding to cybersecurity threats in the air.

“As technology rapidly continues to advance, we must all work to ensure that the airline industry remains vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” Markey, a member of the Commerce, Science and Transportation Committee, wrote in the letter.

The answers Markey received revealed that there is no uniform standard for cybersecurity testing, so in April he introduced the Cybersecurity Standards for Aircraft to Improve Resilience Act of 2016, which would require the disclosure of information relating to cyberattacks on aircraft systems, and would establish guidelines to identify and address cybersecurity vulnerabilities in commercial aviation.

“We know that terrorists and others that mean to do us harm will try to exploit any loophole or technological advance in our transportation systems, so we must continually bolster the standards and practices of the airline industry to ensure the safety and security of passengers on board commercial aircraft,” Markey said in a press release announcing the bill.

The bill was referrred back to Markey’s committee, but no further action has been taken. Markey’s office did not respond to several requests for comment.

Blech said that Washington red tape was no excuse for risking the security of military air fleets.

“If you don’t have a standard there’s gonna be confusion and there’s not gonna be interoperability,” he said. “Bad actors are gonna find an attack vector to expose. Protections have to be put in at the conceptual stage when you’re building out the aircraft.”